
Changelog History

  • v5.3.1 Changes

    August 09, 2022
    • Fix version range for CVE-2022-32209
  • v5.3.0 Changes

    August 09, 2022
    • Include explicit engine or lib paths in vendor/ (Joe Rafaniello)
    • Load rexml as a Brakeman dependency
    • Fix "full call" information propagating unnecessarily
    • Add check for CVE-2022-32209
    • Add CWE information to warnings (Stephen Aghaulor)
  • v5.2.3 Changes

    May 01, 2022
    • Fix error with hash shorthand syntax
    • Match order of interactive options with help message (Rory O'Kane)
  • v5.2.2 Changes

    April 06, 2022
    • Update ruby_parser for Ruby 3.1 support (Merek Skubela)
    • Handle nil when joining values (Dan Buettner)
    • Update message for unsafe reflection (Pedro Baracho)
    • Add additional String methods for SQL injection check
    • Respect equality in if conditions
  • v5.2.1 Changes

    January 30, 2022
    • Add warning codes for EOL software warnings
  • v5.2.0 Changes

    December 15, 2021
    • Initial Rails 7 support
    • Require Ruby 2.5.0+
    • Fix issue with calls to foo.root in routes
    • Ignore I18n.locale in SQL queries
    • Do not treat sanitize_sql_like as safe
    • Add new checks for unsupported Ruby and Rails versions
  • v5.1.2 Changes

    October 28, 2021
    • Handle cases where enums are not symbols
    • Support newer Haml with
    • Fix issue where the previous output is still visible (Jason Frey)
    • Fix warning sorting with nil line numbers
    • Update for latest RubyParser (Ryan Davis)
  • v5.1.1 Changes

    July 19, 2021
    • Unrefactor IgnoreConfig's use of Brakeman::FilePath
  • v5.1.0 Changes

    July 19, 2021
    • Initial support for ActiveRecord enums
    • Support Hash#include?
    • Interprocedural dataflow from very simple class methods
    • Fix SARIF report when checks have no description (Eli Block)
    • Add ignored warnings to SARIF report (Eli Block)
    • Add --sql-safe-methods option (Esty Scheiner)
    • Update SQL injection check for Rails 6.0/6.1
    • Fix false positive in command injection with Open3.capture (Richard Fitzgerald)
    • Fix infinite loop on mixin self-includes (Andrew Szczepanski)
    • Ignore dates in SQL
    • Refactor cookie?/param? methods (Keenan Brock)
    • Ignore renderables in dynamic render path check (Brad Parker)
    • Support Array#push
    • Better Array#join support
    • Adjust copy of --interactive menu (Elia Schito)
    • Support Array#*
    • Better method definition tracking and lookup
    • Support Hash#values and Hash#values_at
    • Check for user-controlled evaluation even if it's a call target
    • Support Array#fetch and Hash#fetch
    • Ignore sanitize_sql_like in SQL
    • Ignore method calls on numbers in SQL
    • Add GitHub Actions format (Klaus Badelt)
    • Read and parse files in parallel
  • v5.0.4 Changes

    June 08, 2021

    (brakeman gem release only)

    • Update bundled ruby_parser to include argument forwarding support